When you migrate from a V4R3 or earlier version of Digital Certificate Manager (DCM) to V4R5, DCM automatically upgrades your local Certificate Authority (CA) and system certificate store. DCM upgrades these files, which are located in default.kyr, into the corresponding certificate store files, which are located in default.kdb. The Hypertext Transfer Protocol (HTTP) and LDAP servers also migrate all of their valid certificates in associated key rings into default.kdb, which is the *SYSTEM certificate store.
| Note: | If you are migrating from V4R4, nothing needs to be done to migrate to V4R5. |
If you use a .kyr file that DCM did not upgrade, DCM converts it to a .kyr.kdb file. This occurs the first time you work with it. The first time you specify secure.kyr through DCM, for example, DCM converts it into secure.kyr.kdb.
| Note: | Key rings are different from certificate stores, so you must convert files in this manner. Manually changing the file extensions results in errors when you try to work with them. |
If you attempt to delete secure.kyr, DCM actually archives it and deletes secure.kyr.kdb instead.
Key ring to certificate store migration.
During installation, the system migrates the following key rings:
Default certificate store password.
If the file /QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KYR exists, the system migrates this key ring file and any other eligible key ring files into the *SYSTEM certificate store. The original password associated with the DEFAULT.KYR file is used as the password for the *SYSTEM certificate store.
If the DEFAULT.KYR file does not exist but there are other key ring files eligible for migration, the system creates the *SYSTEM certificate store with a password of DEFAULT (all uppercase letters) and completes the migration.
For information on errors and how to resolve them read the page on Migrating errors and recovery solutions.
| [ Information Center Home Page | Feedback ] | [ Legal | AS/400 Glossary ] |